X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fprotocol_key.c;h=ee292b65448dcee3e043ffd4a71cec0ad2cf96a2;hp=b55e83078a045d975724de39d2d52cc0b57e61bf;hb=3fae14fae5a347823679ef694ab630b4991a201d;hpb=6685f2c8afc4775c3656dccc5a37286c01c0e854

diff --git a/src/protocol_key.c b/src/protocol_key.c
index b55e8307..ee292b65 100644
--- a/src/protocol_key.c
+++ b/src/protocol_key.c
@@ -1,7 +1,7 @@
 /*
     protocol_key.c -- handle the meta-protocol, key exchange
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2012 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2016 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -46,8 +46,10 @@ void send_key_changed(void) {
 
 	for(node = connection_tree->head; node; node = node->next) {
 		c = node->data;
-		if(c->status.active && c->node && c->node->status.reachable)
+
+		if(c->status.active && c->node && c->node->status.reachable) {
 			send_ans_key(c->node);
+		}
 	}
 }
 
@@ -57,7 +59,7 @@ bool key_changed_h(connection_t *c) {
 
 	if(sscanf(c->buffer, "%*d %*x " MAX_STRING, name) != 1) {
 		logger(LOG_ERR, "Got bad %s from %s (%s)", "KEY_CHANGED",
-			   c->name, c->hostname);
+		       c->name, c->hostname);
 		return false;
 	}
 
@@ -66,14 +68,15 @@ bool key_changed_h(connection_t *c) {
 		return false;
 	}
 
-	if(seen_request(c->buffer))
+	if(seen_request(c->buffer)) {
 		return true;
+	}
 
 	n = lookup_node(name);
 
 	if(!n) {
 		logger(LOG_ERR, "Got %s from %s (%s) origin %s which does not exist",
-			   "KEY_CHANGED", c->name, c->hostname, name);
+		       "KEY_CHANGED", c->name, c->hostname, name);
 		return true;
 	}
 
@@ -82,8 +85,9 @@ bool key_changed_h(connection_t *c) {
 
 	/* Tell the others */
 
-	if(!tunnelserver)
+	if(!tunnelserver) {
 		forward_request(c);
+	}
 
 	return true;
 }
@@ -99,7 +103,7 @@ bool req_key_h(connection_t *c) {
 
 	if(sscanf(c->buffer, "%*d " MAX_STRING " " MAX_STRING, from_name, to_name) != 2) {
 		logger(LOG_ERR, "Got bad %s from %s (%s)", "REQ_KEY", c->name,
-			   c->hostname);
+		       c->hostname);
 		return false;
 	}
 
@@ -112,7 +116,7 @@ bool req_key_h(connection_t *c) {
 
 	if(!from) {
 		logger(LOG_ERR, "Got %s from %s (%s) origin %s which does not exist in our connection list",
-			   "REQ_KEY", c->name, c->hostname, from_name);
+		       "REQ_KEY", c->name, c->hostname, from_name);
 		return true;
 	}
 
@@ -120,22 +124,24 @@ bool req_key_h(connection_t *c) {
 
 	if(!to) {
 		logger(LOG_ERR, "Got %s from %s (%s) destination %s which does not exist in our connection list",
-			   "REQ_KEY", c->name, c->hostname, to_name);
+		       "REQ_KEY", c->name, c->hostname, to_name);
 		return true;
 	}
 
 	/* Check if this key request is for us */
 
-	if(to == myself) {			/* Yes, send our own key back */
-		if (!send_ans_key(from))
+	if(to == myself) {                      /* Yes, send our own key back */
+		if(!send_ans_key(from)) {
 			return false;
+		}
 	} else {
-		if(tunnelserver)
+		if(tunnelserver) {
 			return true;
+		}
 
 		if(!to->status.reachable) {
 			logger(LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable",
-				"REQ_KEY", c->name, c->hostname, to_name);
+			       "REQ_KEY", c->name, c->hostname, to_name);
 			return true;
 		}
 
@@ -157,19 +163,23 @@ bool send_ans_key(node_t *to) {
 	to->inkey = xrealloc(to->inkey, to->inkeylength);
 
 	// Create a new key
-	if (1 != RAND_bytes((unsigned char *)to->inkey, to->inkeylength)) {
+	if(1 != RAND_bytes((unsigned char *)to->inkey, to->inkeylength)) {
 		int err = ERR_get_error();
-		logger(LOG_ERR, "Failed to generate random for key (%s)", "SEND_ANS_KEY", ERR_error_string(err, NULL));
+		logger(LOG_ERR, "Failed to generate random for key (%s)", ERR_error_string(err, NULL));
 		return false; // Do not send insecure keys, let connection attempt fail.
 	}
 
-	if(to->incipher)
-		EVP_DecryptInit_ex(&to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + to->incipher->key_len);
+	if(to->incipher) {
+		EVP_DecryptInit_ex(to->inctx, to->incipher, NULL, (unsigned char *)to->inkey, (unsigned char *)to->inkey + EVP_CIPHER_key_length(to->incipher));
+	}
 
 	// Reset sequence number and late packet window
 	mykeyused = true;
 	to->received_seqno = 0;
-	if(replaywin) memset(to->late, 0, replaywin);
+
+	if(replaywin) {
+		memset(to->late, 0, replaywin);
+	}
 
 	// Convert to hexadecimal and send
 	char key[2 * to->inkeylength + 1];
@@ -177,10 +187,10 @@ bool send_ans_key(node_t *to) {
 	key[to->inkeylength * 2] = '\0';
 
 	return send_request(to->nexthop->connection, "%d %s %s %s %d %d %d %d", ANS_KEY,
-			myself->name, to->name, key,
-			to->incipher ? to->incipher->nid : 0,
-			to->indigest ? to->indigest->type : 0, to->inmaclength,
-			to->incompression);
+	                    myself->name, to->name, key,
+	                    to->incipher ? EVP_CIPHER_nid(to->incipher) : 0,
+	                    to->indigest ? EVP_MD_type(to->indigest) : 0, to->inmaclength,
+	                    to->incompression);
 }
 
 bool ans_key_h(connection_t *c) {
@@ -193,10 +203,10 @@ bool ans_key_h(connection_t *c) {
 	node_t *from, *to;
 
 	if(sscanf(c->buffer, "%*d "MAX_STRING" "MAX_STRING" "MAX_STRING" %d %d %d %d "MAX_STRING" "MAX_STRING,
-		from_name, to_name, key, &cipher, &digest, &maclength,
-		&compression, address, port) < 7) {
+	                from_name, to_name, key, &cipher, &digest, &maclength,
+	                &compression, address, port) < 7) {
 		logger(LOG_ERR, "Got bad %s from %s (%s)", "ANS_KEY", c->name,
-			   c->hostname);
+		       c->hostname);
 		return false;
 	}
 
@@ -209,7 +219,7 @@ bool ans_key_h(connection_t *c) {
 
 	if(!from) {
 		logger(LOG_ERR, "Got %s from %s (%s) origin %s which does not exist in our connection list",
-			   "ANS_KEY", c->name, c->hostname, from_name);
+		       "ANS_KEY", c->name, c->hostname, from_name);
 		return true;
 	}
 
@@ -217,23 +227,24 @@ bool ans_key_h(connection_t *c) {
 
 	if(!to) {
 		logger(LOG_ERR, "Got %s from %s (%s) destination %s which does not exist in our connection list",
-			   "ANS_KEY", c->name, c->hostname, to_name);
+		       "ANS_KEY", c->name, c->hostname, to_name);
 		return true;
 	}
 
 	/* Forward it if necessary */
 
 	if(to != myself) {
-		if(tunnelserver)
+		if(tunnelserver) {
 			return true;
+		}
 
 		if(!to->status.reachable) {
 			logger(LOG_WARNING, "Got %s from %s (%s) destination %s which is not reachable",
-				"ANS_KEY", c->name, c->hostname, to_name);
+			       "ANS_KEY", c->name, c->hostname, to_name);
 			return true;
 		}
 
-		if(!*address && from->address.sa.sa_family != AF_UNSPEC) {
+		if(!*address && from->address.sa.sa_family != AF_UNSPEC && to->minmtu) {
 			char *address, *port;
 			ifdebug(PROTOCOL) logger(LOG_DEBUG, "Appending reflexive UDP address to ANS_KEY from %s to %s", from->name, to->name);
 			sockaddr2str(&from->address, &address, &port);
@@ -252,6 +263,7 @@ bool ans_key_h(connection_t *c) {
 	/* Update our copy of the origin's packet key */
 	from->outkey = xrealloc(from->outkey, strlen(key) / 2);
 	from->outkeylength = strlen(key) / 2;
+
 	if(!hex2bin(key, from->outkey, from->outkeylength)) {
 		logger(LOG_ERR, "Got bad %s from %s(%s): %s", "ANS_KEY", from->name, from->hostname, "invalid key");
 		return true;
@@ -264,13 +276,13 @@ bool ans_key_h(connection_t *c) {
 
 		if(!from->outcipher) {
 			logger(LOG_ERR, "Node %s (%s) uses unknown cipher!", from->name,
-				   from->hostname);
+			       from->hostname);
 			return true;
 		}
 
-		if(from->outkeylength != from->outcipher->key_len + from->outcipher->iv_len) {
+		if(from->outkeylength != EVP_CIPHER_key_length(from->outcipher) + EVP_CIPHER_iv_length(from->outcipher)) {
 			logger(LOG_ERR, "Node %s (%s) uses wrong keylength!", from->name,
-				   from->hostname);
+			       from->hostname);
 			return true;
 		}
 	} else {
@@ -284,13 +296,13 @@ bool ans_key_h(connection_t *c) {
 
 		if(!from->outdigest) {
 			logger(LOG_ERR, "Node %s (%s) uses unknown digest!", from->name,
-				   from->hostname);
+			       from->hostname);
 			return true;
 		}
 
-		if(from->outmaclength > from->outdigest->md_size || from->outmaclength < 0) {
+		if(from->outmaclength > EVP_MD_size(from->outdigest) || from->outmaclength < 0) {
 			logger(LOG_ERR, "Node %s (%s) uses bogus MAC length!",
-				   from->name, from->hostname);
+			       from->name, from->hostname);
 			return true;
 		}
 	} else {
@@ -301,13 +313,13 @@ bool ans_key_h(connection_t *c) {
 		logger(LOG_ERR, "Node %s (%s) uses bogus compression level!", from->name, from->hostname);
 		return true;
 	}
-	
+
 	from->outcompression = compression;
 
 	if(from->outcipher)
-		if(!EVP_EncryptInit_ex(&from->outctx, from->outcipher, NULL, (unsigned char *)from->outkey, (unsigned char *)from->outkey + from->outcipher->key_len)) {
+		if(!EVP_EncryptInit_ex(from->outctx, from->outcipher, NULL, (unsigned char *)from->outkey, (unsigned char *)from->outkey + EVP_CIPHER_key_length(from->outcipher))) {
 			logger(LOG_ERR, "Error during initialisation of key from %s (%s): %s",
-					from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL));
+			       from->name, from->hostname, ERR_error_string(ERR_get_error(), NULL));
 			return true;
 		}
 
@@ -320,8 +332,9 @@ bool ans_key_h(connection_t *c) {
 		update_node_udp(from, &sa);
 	}
 
-	if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuevent)
+	if(from->options & OPTION_PMTU_DISCOVERY && !from->mtuevent) {
 		send_mtu_probe(from);
+	}
 
 	return true;
 }